diff options
author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-06-01 13:40:17 +0100 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-06-01 14:52:11 +0100 |
commit | 128daee29868a8a4a7cf00508126ea68311fd1cc (patch) | |
tree | a92dead477d6afb662f0a366011b6a4821d6efd2 /docs | |
parent | 79eb1aff7850f6b23a302835d7a08936d74e8ce2 (diff) |
FWU: Check for overlaps when loading images
Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
memory region where another image data is already loaded.
Without this check, if two images are configured to be loaded in
overlapping memory regions, one of them can be loaded and
authenticated and the copy function is still able to load data from
the second image on top of the first one. Since the first image is
still in authenticated state, it can be executed, which could lead to
the execution of unauthenticated arbitrary code of the second image.
Firmware update documentation updated.
Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/firmware-update.md | 1 | ||||
-rw-r--r-- | docs/porting-guide.md | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/docs/firmware-update.md b/docs/firmware-update.md index 21872fd4..56ef15cb 100644 --- a/docs/firmware-update.md +++ b/docs/firmware-update.md @@ -211,6 +211,7 @@ for BL1 to pass execution control to BL31. if (source block is in secure memory) return -ENOMEM if (source block is not mapped into BL1) return -ENOMEM if (image_size > free secure memory) return -ENOMEM + if (image overlaps another image) return -EPERM This SMC copies the secure image indicated by `image_id` from non-secure memory to secure memory for later authentication. The image may be copied in a single diff --git a/docs/porting-guide.md b/docs/porting-guide.md index 4d7a5ead..c7b9e89c 100644 --- a/docs/porting-guide.md +++ b/docs/porting-guide.md @@ -354,6 +354,13 @@ be defined: NS_BL2U image identifier, used by BL1 to fetch an image descriptor corresponding to NS_BL2U. +For the the Firmware update capability of TRUSTED BOARD BOOT, the following +macros may also be defined: + +* **#define : PLAT_FWU_MAX_SIMULTANEOUS_IMAGES** + + Total number of images that can be loaded simultaneously. If the platform + doesn't specify any value, it defaults to 10. If a SCP_BL2 image is supported by the platform, the following constants must also be defined: |